Accepted leptonlib 1.74.1-1+deb9u1 (source amd64) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 29 Mar 2021 19:03:02 +0200
Source: leptonlib
Binary: libleptonica-dev liblept5 leptonica-progs
Architecture: source amd64
Version: 1.74.1-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Jeff Breidenbach <jab@debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
leptonica-progs - sample programs for Leptonica image processing library
liblept5 - image processing library
libleptonica-dev - image processing library
Changes:
leptonlib (1.74.1-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the LTS Team.
* activate testsuite (-> make check after make)
* CVE-2020-36277
denial of service (application crash) via an incorrect left
shift in pixConvert2To8 in pixconv.c
* CVE-2020-36278
heap-based buffer over-read in findNextBorderPixel in ccbord.c
* CVE-2020-36279
heap-based buffer over-read in rasteropGeneralLow, related to
adaptmap_reg.c and adaptmap.c
* CVE-2020-36281
heap-based buffer over-read in pixFewColorsOctcubeQuantMixed
in colorquant1.c
Checksums-Sha1:
d203231912ec9e901f3567d183858cd94769e145 2109 leptonlib_1.74.1-1+deb9u1.dsc
fadf8e6faae14ea87e86e0df2826f60b07117c7d 10899752 leptonlib_1.74.1.orig.tar.gz
f1e9dfe30f09468beae29d809ef2894da105c03f 8484 leptonlib_1.74.1-1+deb9u1.debian.tar.xz
4dd77f6a0801a5e3332fb5eb70f7ee0be8d71a12 34566 leptonica-progs-dbgsym_1.74.1-1+deb9u1_amd64.deb
9bd4849281b2ccdbb26a6966e7806175bd8f2270 17580 leptonica-progs_1.74.1-1+deb9u1_amd64.deb
d70f3cb89f9fd52db008d29f96509e6ba2098c7e 7832 leptonlib_1.74.1-1+deb9u1_amd64.buildinfo
7101abea7bc09fd480d666679e6ce362d4ae22ed 2220560 liblept5-dbgsym_1.74.1-1+deb9u1_amd64.deb
54e2f93ff7a27fc9f6cdb16f4f4039f645fadba8 923542 liblept5_1.74.1-1+deb9u1_amd64.deb
0675d84a130ae6e74e46da27b3309c344fe8e7d1 1302964 libleptonica-dev_1.74.1-1+deb9u1_amd64.deb
Checksums-Sha256:
c63ef213483f0e0832e40916717d2ea5e21be261c27bdacea7820c9368580801 2109 leptonlib_1.74.1-1+deb9u1.dsc
6d40c7318b2b60fec5173475e8a34c1e08799d668a533d1756c9dfeb874a9d8a 10899752 leptonlib_1.74.1.orig.tar.gz
6c489632f9fda615260a8099d2ce51427492753e02db3d568973248c31543775 8484 leptonlib_1.74.1-1+deb9u1.debian.tar.xz
9a3ac24f193e35fdfbcaaf281352bfcc3942d595dfe508a031e4cdab8e97089f 34566 leptonica-progs-dbgsym_1.74.1-1+deb9u1_amd64.deb
bf70f12f5893796712198fe704b31f1687f43fe5e05731e0a3086edf5aa0e7cc 17580 leptonica-progs_1.74.1-1+deb9u1_amd64.deb
43850437b01b7ecab67ec1ab8002a33046e980177e496a0b5074e79ce170e234 7832 leptonlib_1.74.1-1+deb9u1_amd64.buildinfo
ca788cc2dcaba2066782b37fc51358d8bcc4ac658722a5d160933280239126f6 2220560 liblept5-dbgsym_1.74.1-1+deb9u1_amd64.deb
3cfc478885b9251b2f0b0e4193dadc08d7eb9ba3a0d0d7d9fb47dd8966ca0b25 923542 liblept5_1.74.1-1+deb9u1_amd64.deb
6b8f513c12e6fcb8207225a8de5a3c2eceac8e4d192ebb6d94dae72b321fe300 1302964 libleptonica-dev_1.74.1-1+deb9u1_amd64.deb
Files:
1975be9f1a48d767125b99d1a43f0466 2109 graphics optional leptonlib_1.74.1-1+deb9u1.dsc
b3de9ae35976fd4fc3f6dae5a4368bca 10899752 graphics optional leptonlib_1.74.1.orig.tar.gz
0b84392915ea4678f303596c1bee8e8f 8484 graphics optional leptonlib_1.74.1-1+deb9u1.debian.tar.xz
f6449a306635bd483d8042a95ee34a26 34566 debug extra leptonica-progs-dbgsym_1.74.1-1+deb9u1_amd64.deb
207d2a148762c68af789f96211f901c2 17580 graphics optional leptonica-progs_1.74.1-1+deb9u1_amd64.deb
f7b3ecad8350ac0bbad066bdde1a937b 7832 graphics optional leptonlib_1.74.1-1+deb9u1_amd64.buildinfo
7b910372f81675fce6c57651a39dbb99 2220560 debug extra liblept5-dbgsym_1.74.1-1+deb9u1_amd64.deb
172d0e58612f3991f6d01e1a2c9d0634 923542 libs optional liblept5_1.74.1-1+deb9u1_amd64.deb
14b5985da0c5ab0d9cd91d0af08bb214 1302964 libdevel optional libleptonica-dev_1.74.1-1+deb9u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmBkQY1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYR1wdD/9SH8UhdBbKSsGOv39GM1YbKElD4twb
1buadZBhI7nNknZ/oltAXfVim/rvSza3PFnFXs+YDUBkrc7NEbxL713f4I44nqzw
Vf/C8wKATR9c2Otobw70ySZD29X66cY9xrjy/AfFUBq0uzAxn9Iynk5FFJvS6noB
8PTv69+Po/ZDETCSOj7o43c6H5vV0OqprEMqPSphL+dqXwKPsHRQ/Iwm1DpikDOi
kbHUOVqddejTWIT1Jp9YYsSfJJ1dOyRkjNv0Y1M8+/dBdnkTNgxM7ZDooHQMZMwC
JRoEk8jHahXVUfqsHTVbaxhqaqiE+e0FnrOpOyMhOYyNK5LY0EfqbMsHcNYIajJb
I8B+jjwwqbfXzAGFIKah6rOEioM8JwXi/Z4Zepwf/RIpKXjHLTa32Nv+LevdxMOR
Lakr/qr+noa37N4FTtFbgWHuO8JZGqS/fAxagh6CTlKoY2CEA/456gzU1fXfKwb4
LdkYVE0I5mOH7lwwy33iK7j588idxS7N22G3OHBXLloOVBxl59f/c3sKeMfCdF7r
Pw0Te2pI+4MzIK/WHQDQj+NlkpclLuRcDcJj+1n/wehteb7R0Cyklhlwt4vfPJvI
WUDwJxmLaGVrOaU9pS2yrWiETw68inz0XRtZEBtp6X7wZtubga656G8pkCxTGm5R
PEch033g+WMTNg==
=1CKN
-----END PGP SIGNATURE-----